On 22/08/2016 14:48, Mukesh Chaurasia wrote: > 1. What is the procedure for patch updates for LibreOffice?
Basically, uninstall the old version of LibO, install the new version of LibO. As a general rule, copying the /config/LibO/old-version/user directory to /config/LibO/new-version/user migrates customizations. The big exception is installed extensions. Those will have to be manually done. (If LibO is compiled in-house, necessary extensions can be included in that build process.) The specific process depends upon the platform that is used. Note: neither Android nor iOS on the iPhone, iPod, or iPad are currently supported. You'll have to write a lot of code, to have a usable version of LibO on those platforms.) > 2. How will I get the information that any vulnerability has identified > in LibreOffice? https://www.libreoffice.org/about-us/security/advisories/ is a list of fixed, known vulnerabilities. Coverty scan results are posted to libreoff...@lists.freedesktop.org every month. http://nabble.documentfoundation.org/New-Defects-reported-by-Coverity-Scan-for-LibreOffice-td4191140.html is a fairly typical report. If you're wanting announcements, such as that described at https://www.helpnetsecurity.com/2016/06/30/libreoffice-flaw-godsend-hackers/, a Google Alert is your best bet. (That specific flaw was fixed in LibO 5.1.4/5.2.0.) > 3. How will I get the information about new updates available for > LibreOffice? annou...@documentfoundation.org: Mailing list for news and press releases by The Document Foundation. Subscription: announce+subscr...@documentfoundation.org Digest subscription: announce+subscribe-dig...@documentfoundation.org Archives: http://listarchives.documentfoundation.org/www/announce/ Mail-Archive.com: http://www.mail-archive.com/announce@documentfoundation.org/ GMANE: http://dir.gmane.org/gmane.comp.documentfoundation.announce That is a low traffic mailing list. Roughly half the messages are about new releases of either the program, or documentation. > 4. Who will support us in case if any outbreaks happens due to any > vulnerabilities? https://www.libreoffice.org/get-help/professional-support/ is a list of vendors of Tier 1 through Tier 3 support, that have undergone TDF certification. LibreOffice, as a project, and _The Document Foundation_, as an organization, provide Tier 0 support. > 5. What is timeline to provide the fix to any vulnerability? That depends on how severe the vulnerability is, and how much other code is affected by rewritten the vulnerable code. ### As far as points 1 through 4 go, what some organizations have done, is designated somebody as their FLOSS Specialist. This person is responsible for: * Keeping up with new releases and updates; * Testing all releases/updates ensuring that it works as expected, within the organisation's framework. This includes extensions that are mandated by corporate; * Keeping up with all announcements about vulnerabilities, regardless of where/how the vulnerability was announced; * Tracking all known vulnerabilities, including when and how fixed; * Filing bug reports with the organization that wrote the software; In some organizations, that individual is also responsible for all training on using the software. jonathon -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
